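Connecting Anheng (安恒) to an H3C firewall: SAs are all present, but a Tunnel0 error is reported
The H3C firewall has a fixed address and acts as the central node; the peer also has a fixed address, and main mode is configured.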
interface GigabitEthernet1/0/1
port link-mode route
ip address 39.185.89.166 255.255.255.0
ip last-hop hold
nat outbound 3999
ipsec apply policy qj-fw
gateway 39.185.89.1
acl advanced 3999
rule 1 deny ip source 192.166.0.0 0.0.255.255 destination 192.68.0.0 0.0.255.255
rule 2 deny ip source 192.68.0.0 0.0.255.255 destination 192.166.0.0 0.0.255.255
rule 100 permit ip
ipsec logging packet enable
ipsec sa global-duration time-based 28800
#
ipsec transform-set qj-fw_IPv4_10
protocol ah-esp
esp encryption-algorithm aes-cbc-256
esp authentication-algorithm sha256
ah authentication-algorithm sha256
pfs dh-group14
#
ipsec policy-template qj-fw 10
transform-set qj-fw_IPv4_10
local-address 39.185.89.166
ike-profile qj-fw_IPv4_10
sa duration time-based 28800
#
ipsec policy qj-fw 10 isakmp template qj-fw
#
apr signature auto-update
update schedule daily start-time 02:00:00 tingle 120
#
ike profile qj-fw_IPv4_10
keychain qj-fw_IPv4_10
local-identity address 39.185.89.166
match remote identity address 0.0.0.0 0.0.0.0
match local address GigabitEthernet1/0/1
proposal 10
#
ike proposal 10
encryption-algorithm aes-cbc-256
dh group14
authentication-algorithm sha256
#
ike keychain qj-fw_IPv4_10
match local address GigabitEthernet1/0/1
pre-shared-key address 0.0.0.0 0.0.0.0 key cipher $c$3$9XWHnc3BqgAFesTD9O+O0kmmeQ0WGBfFFQ==
#
<▒▒▒ǽ-ǧ▒▒-▒▒▒▒>dis ike sa
Connection-ID Remote Flag DOI
------------------------------------------------------------------
167 39.172.55.127/500 RD IPsec
Flags:
RD--READY RL--REPLACED FD-FADING RK-REKEY
<▒▒▒ǽ-ǧ▒▒-▒▒▒▒>dis ips
<▒▒▒ǽ-ǧ▒▒-▒▒▒▒>dis ipsec sa
-------------------------------
Interface: GigabitEthernet1/0/1
-------------------------------
-----------------------------
IPsec policy: qj-fw
Sequence number: 10
Mode: Template
-----------------------------
Tunnel id: 0
Encapsulation mode: tunnel
Perfect Forward Secrecy: dh-group14
Inside VPN:
Extended Sequence Numbers enable: N
Traffic Flow Confidentiality enable: N
Transmitting entity: Responder
Path MTU: 1396
Tunnel:
local address: 39.185.89.166
remote address: 39.172.55.127
Flow:
sour addr: 192.166.69.0/255.255.255.0 port: 0 protocol: ip
dest addr: 192.68.69.0/255.255.255.0 port: 0 protocol: ip
*Oct 30 15:03:04:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:03:09:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:03:14:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:03:19:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:03:24:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:03:29:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:03:34:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:03:39:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:03:44:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:03:49:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:03:54:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:03:59:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:04:04:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:04:09:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR:
Tunnel0: Failed to check source address because of valid address.
*Oct 30 15:04:14:464 2024 ▒▒▒ǽ-ǧ▒▒-▒▒▒▒ IPSEC/7/ERROR: